Call: 1300 350 509

Exceptional
IT Services And Support
Australia Wide
Exceptional
IT Services And Support
Australia Wide

Free Strategy Session

Blog

Data breaches are on the rise, but that won’t force companies to up cyber security

Article courtesy of ABC News. http://abc.net.au/news/2018-07-12/data-breaches-are-on-the-rise/9987448   Data breaches are on the rise, but that won't force companies to up cyber security By business reporter Rachel Pupazzoni for The Business Updated 12 Jul 2018, 6:14pm PHOTO: Experts say reporting breaches will not stop your data being stolen. (ABC Canberra: Hannah Walmsley) RELATED STORY: AFP investigating airport security card data hack RELATED…
Read more

50,000+ emails, data breach at major Australian shipping company

In what might be the first report made under the new mandatory data breach laws an Australian shipping company has revealed that tens of thousands of it's emails were auto-forwarded without permission. We have seen this a number of times where a person's email becomes compromised and the attacker sets up an auto-forward rule so that…
Read more

How one click of the mouse cost a Melbourne business over $80,000

Last week I received some news that I never wanted to hear, one of our customers was targeted for an email scam which cost them big time and we were being tasked with working out the who/what/where/why. The scam went something like this - our customer was involved in a legitimate transaction whereby they were…
Read more

In a little more than two weeks time, on February 23rd 2018 all Australian Businesses with a turnover of 3 million dollars or more will be required to notify the Office of the Australia Information Commissioner of any significant data breaches.  The new laws also apply to some smaller businesses such as those that handle health data.

Article sources:

https://www.computerworld.com.au/article/630028/100-days-until-mandatory-data-breach-notification-becomes-law/

https://blog.sonicwall.com/2018/01/preparing-for-notifiable-data-breach//

Who does the law apply to?

Almost every significant sized Australian business must comply with this new law.

The law covers most Australian government agencies, businesses with an annual turnover of at least $3 million, and some smaller organisations (such those that handle health data).

It doesn’t matter if you are a for-profit, governmental, or not-for-profit organisation – if you handle personal information then you are required to secure it and have in place a standard plan to notify impacted individuals in the event of a data breach. Basically, if your organisation collects any of the following you are impacted by the revised Privacy Act:

• Credit reporting or building data.

• Personally identifiable information.

• Tax data.

Is my data at risk?

Short answer: Yes.  Let me explain with the use of this excellent infographic prepared by the good people at Sonicwall.

Steps you should take now

Many of you will already have polices and procedures in place to deal with a client data breach and those policies might only need a little bit of tweaking, for others a complete re-write of your policies and procedures might be on the cards.  You should seek legal advice from a reputable business lawyer and probably get your HR advisers involved too.

One simple step you can take is to audit the data that you already collect from your customers and decide if it is all really necessary to keep it.

Of course prevention is always better than a cure, if you haven't had your digital security systems recently audited now might be a good time.  In most cases a combination of the following will not only make your business compliant with the new laws but also reduce the likelihood of a significant data breach:

  • Reputable anti-malware software
  • Strong password policies
  • Two-factor authentication
  • Staff training
  • Well thought out policies and procedures

Your obligations in the event of a data breach

Should you discover that your sensitive data has made it's way in to the wrong hands there are several steps you must take.

  1. Plug the leak.
  2. Notify those affected of the data loss.
  3. Notify the Australian Information Commissioner.
  4. Put permanent measures in place to prevent a similar breach in the future.

More information

An excellent article was published last year and can be found here: https://www.computerworld.com.au/article/630028/100-days-until-mandatory-data-breach-notification-becomes-law/

The Amendment can be found here: https://www.legislation.gov.au/Details/C2017A00012